[issue5753] CVE-2008-5983 python: untrusted python modules search path
Antoine Pitrou
report at bugs.python.org
Sat May 2 14:44:34 CEST 2009
Antoine Pitrou <pitrou at free.fr> added the comment:
I'm not sure we can change the behaviour of PySys_SetArgv() like that.
At least not in a bugfix release.
In 2.7/3.1, we could either change PySys_SetArgv(), or introduce a new
PySys_SetArgvEx() with an additional argument indicating whether
sys.path should be modified or not. I suggest asking on python-dev first.
----------
versions: +Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue5753>
_______________________________________
More information about the Python-bugs-list
mailing list